This function checks username and password against -rpcauth entries from config file.
| 95 | //This function checks username and password against -rpcauth |
| 96 | //entries from config file. |
| 97 | static bool multiUserAuthorized(std::string strUserPass) |
| 98 | { |
| 99 | if (strUserPass.find(':') == std::string::npos) { |
| 100 | return false; |
| 101 | } |
| 102 | std::string strUser = strUserPass.substr(0, strUserPass.find(':')); |
| 103 | std::string strPass = strUserPass.substr(strUserPass.find(':') + 1); |
| 104 | |
| 105 | for (const auto& vFields : g_rpcauth) { |
| 106 | std::string strName = vFields[0]; |
| 107 | if (!TimingResistantEqual(strName, strUser)) { |
| 108 | continue; |
| 109 | } |
| 110 | |
| 111 | std::string strSalt = vFields[1]; |
| 112 | std::string strHash = vFields[2]; |
| 113 | |
| 114 | static const unsigned int KEY_SIZE = 32; |
| 115 | unsigned char out[KEY_SIZE]; |
| 116 | |
| 117 | CHMAC_SHA256(reinterpret_cast<const unsigned char*>(strSalt.data()), strSalt.size()).Write(reinterpret_cast<const unsigned char*>(strPass.data()), strPass.size()).Finalize(out); |
| 118 | std::vector<unsigned char> hexvec(out, out+KEY_SIZE); |
| 119 | std::string strHashFromPass = HexStr(hexvec); |
| 120 | |
| 121 | if (TimingResistantEqual(strHashFromPass, strHash)) { |
| 122 | return true; |
| 123 | } |
| 124 | } |
| 125 | return false; |
| 126 | } |
| 127 | |
| 128 | static bool RPCAuthorized(const std::string& strAuth, std::string& strAuthUsernameOut) |
| 129 | { |
no test coverage detected